﻿<%@ WebHandler Language="C#" Class="Comment" %>

using System;
using System.Web;
using System.Data;
using System.Data.Common;
using System.Web.SessionState;
using System.Globalization;
using System.Collections;


public class Comment : IHttpHandler, IRequiresSessionState
{

    private string VerificationImgCode = "";
    public void ProcessRequest(HttpContext context)
    {
        
        context.Response.ContentType = "application/json;charset=UTF-8";
        int Item_Id = Convert.ToInt32(context.Request.Params["Item_Id"].ToString().Trim());
        /* 如果是用户来信，验证安全码 */
        if (Item_Id == 0)
        {
            VerificationImgCode = context.Request.Params["VerificationImgCode"].ToString().Trim();
            /* 验证码判断 */
            if (context.Session["VerificationImgCode"] == null)
            {
                Utils.ShowEnd(context, -2);
            }
            else if (VerificationImgCode.ToLower() != context.Session["VerificationImgCode"].ToString().Trim().ToLower())
            {
                Utils.ShowEnd(context, -2);
            }

            /* 防止页面回退重复提交数据,清理掉 */
            context.Session["VerificationImgCode"] = "Is Did!";
        }

        /* 如果是管理员验证管理员身份 */
        else
        {
            if (!Admins.IsLogin(true))
                Utils.ShowEnd(context, -2);
        }

        try
        {
            string Item_User = context.Request.Params["Item_User"].ToString().Trim();
            string Item_Tel = context.Request.Params["Item_Tel"].ToString().Trim();
            string Item_Content = context.Request.Params["Item_Content"].ToString().Trim();
            string Item_Time = context.Request.Params["Item_Time"].ToString().Trim();
            int Lang = Convert.ToInt32(context.Request.Params["Lang"].ToString().Trim());
            
            /* 转码 */
            Item_User = Utils.HtmlCodeClear(Item_User);
            Item_User = Utils.HtmlEncode(Item_User);
            Item_Tel = Utils.HtmlEncode(Item_Tel);

            Item_Content = Utils.HtmlCodeClear(Item_Content);
            Item_Content = Utils.HtmlEncode(Item_Content);

            /* 验证完整性 */
            if (Item_User.Length > 3 && Item_Tel.Length > 7)
            {
                DbParameter[] param = {
                    DBHelper.MakeInParam("@Item_Id",(DbType)SqlDbType.Int,4,Item_Id),
                    DBHelper.MakeInParam("@Item_User",(DbType)SqlDbType.NVarChar,50,Item_User),
                    DBHelper.MakeInParam("@Item_Tel",(DbType)SqlDbType.VarChar,15,Item_Tel),
                    DBHelper.MakeInParam("@Item_Content",(DbType)SqlDbType.NText,800,Item_Content),
                    DBHelper.MakeInParam("@Item_Time",(DbType)SqlDbType.DateTime,8,Item_Time),
                    DBHelper.MakeInParam("@Lang",(DbType)SqlDbType.TinyInt,1,Lang),
                    };
                int Status = DBHelper.ExecuteNonQuery(CommandType.StoredProcedure, "Comment_AddEdit", param);
                Utils.ShowEnd(context, Status);
            }
            else
                Utils.ShowEnd(context, -1);
        }
        catch (System.Threading.ThreadAbortException)
        {
        }   
        catch (Exception ex)
        {
            Utils.ShowEnd(context, ex.ToString());
        }
    }
    public bool IsReusable
    {
        get
        {
            return false;
        }
    }


}